From WinMag Central
NT Virus Alert
--by David W. Methvin


A particularly nasty Windows NT virus called Remote Explorer, 
or RICHS, attacked computers at MCI WorldCom this past 
December. The Remote Explorer virus spreads by activating 
itself only when someone with Administrator privileges runs an 
infected executable file. It will then infect other files, 
including files on other network-connected computers. As part 
of its operation, the virus also corrupts files it randomly 
selects on a disk. You can tell if an NT system has been 
infected by this virus by looking in Control Panel/Services to 
see if a service called Remote Explorer has been installed. You 
can find more information on the virus, how to detect it and 
how to avoid it, at

http://www.microsoft.com/security/bulletins/remote.asp.


 1998 Windows Magazine, April 1999, Page 158.